Modernizing Authentication — What It Takes to Transform Secure Access
Last year, a Pindrop Security study found there were more than 1.6 million instances of phone fraud in the U.S. between January and September of 2012, an average of almost five fraud calls per minute -- and according to a recent Aite Group report, 74 percent of financial institutions say organized attacks by criminal rings are currently responsible for the majority of their contact center fraud.
It's a growing problem. Aite Group senior analyst Shirley Inscoe says financial institutions are experiencing a significant increase in contact center fraud being perpetrated by organized criminal gangs.
Still, Inscoe says, technologies like voice biometrics make it easier for institutions and other companies to stop fraud in the call center. "Many companies will create a hot file of bad voice prints from prior calls that turned out to be fraudsters," she says. "They'll use that hot file to compare the voices on incoming calls and quickly identify those who have caused fraud in past situations, so those calls can then be quickly passed to someone in the organization who is better trained to deal with suspicious activity."
Supplement Training with Technology
While Inscoe says just about every company trains its call center representatives on fraud, many find it simply doesn't happen often enough for the reps to become experts at handling it. "So if they're able to detect those suspicious calls as they come in and get them over to a group who's very highly trained in fraud prevention, that seems to be one very effective use of voice technology," she says.
In fact, Matt Anthony, vice president of marketing at Pindrop Security, says that even for financial institutions that are heavily under attack, only about one in every 3,000 or 4,000 calls is malicious. "For the average call center rep, you're almost never talking to one of these bad guys," he says.
Pindrop Security founder, CEO and CTO Vijay Balasubramaniyan says an in-depth look at a phone number can also be useful in detecting fraud. "An example of this is a phone number that's completely unallocated as far as the numbering plan of U.S. phone numbers. It's not a valid phone number, and yet you're seeing it appear," he says. "You can also look at the velocity of the phone number -- how many times is it calling over different periods, and what are its calling patterns?"
Add audio analysis to that, Balasubramaniyan says, and you can monitor for other warning signs as well. "We can look at a phone number and correlate that with the audio," he says. "So the phone number says it's a landline, and that landline's a perfectly working telephone number -- but forensic analysis on the audio allows us to say that, no, this is not a landline in Atlanta, it's actually a Skype phone calling from Nigeria."
Not Just the Call Center: Look at Fraud Holistically
Companies can choose to leverage that information in a variety of ways: reroute a call to a fraud team as it comes in, increase the number of knowledge-based authentication questions being asked and so on. "We've also seen this information being consumed by fraud analyst teams who let the call go through, but as the call is going through, the information goes to a fraud team that can patch themselves into a call as soon as they know something is going wrong," Balasubramaniyan says.
Ben Knieff, director of product marketing at NICE Actimize, says it can be pretty simple to keep track of fraudsters through voice biometrics. "What we've seen from working with financial institutions is that there's actually a relatively small number of individuals who perpetrate fraud through the call center, so it's a very effective technique. We can find a ton of fraud that way," he says.
Regardless, Knieff says, the contact center is almost always just one component of an attack. "It may be gathering details that enable somebody to log into an online account, or it may be social engineering that enables a new debit card to be forwarded to somebody at an address -- but I don't see any fraud attack that happens purely in any one channel alone," he says. "It's always a mix."
As a result, Knieff says, it's crucial to look at fraud holistically, keeping an eye out for combined attacks that target accounts via mobile access, online and through the contact center.
"These criminals are very sophisticated. They're figuring out how to attack us on every channel that we're using -- and it's worth it to them, because they can put out a million, two million euros in a single attempt," he says. "So companies have to really think about the breadth of attack vectors and then think about how to bring the defenses together into a holistic picture. I understand my threats holistically, so I want to understand my defenses holistically."
Jeff Goldman is a freelance journalist based in Los Angeles. He can be reached at firstname.lastname@example.org.